CISA Alert: Critical Vulnerability in SAP NetWeaver AS Java

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a critical vulnerability in SAP NetWeaver AS Java, tracked as CVE-2020-6287. An unauthenticated attacker can exploit this vulnerability over the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. SAP has released a security update that addresses the vulnerability.

CISA encourages users and administrators of SAP products to:

  • Scan SAP systems for all known vulnerabilities, such as missing security patches, dangerous system configurations, and vulnerabilities in SAP custom code.
  • Apply missing security patches immediately and institutionalize security patching as part of a periodic process.
  • Ensure secure configuration of your SAP landscape.
  • Identify and analyze the security settings of SAP interfaces between systems and applications to understand risks posed by these trust relationships.
  • Analyze systems for malicious or excessive user authorizations.
  • Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.
  • Monitor systems for suspicious user behavior, including both privileged and non-privileged users.
  • Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.
  • Define comprehensive security baselines for systems and continuously monitor for compliance violations and remediate detected deviations.

These recommendations apply to SAP systems in public, private, and hybrid cloud environments.

Please read the CISA alert for more information.